Version: 4.32.x.x LTS

Auth markers

A nevisAuth session contains information about the operations performed to authenticate and authorize the user. This information takes the form of a sequence of auth markers. An auth marker represents a successfully completed operation relevant for the authentication and authorization process.

An auth marker has the following form:

<technology>:<type>(<user identification>)

  • technology: A short text that indicates the technology used in the operation. Examples: "Kerberos", "X509", "LDAP".
  • type: The classification of the authentication or authorization type. These values are available:
  • user identification: The user identification that was established in the operation.

This is an example of an auth marker:

LDAP:username/password(uid=xxx,ou=people,o=siven,c=ch)

To access and inspect all available auth markers in your system, use the variable ${request:authMarkers}. Each auth marker in a session belongs to an AuthState. For the correct notation of the auth marker per AuthState ".

The Nevis product nevisIDM makes use of AuthStates, as well. These AuthStates can also be part of the authentication and authorization process. As such, they also generate auth markers after a successfully completed operation. For information about the auth markers per nevisIDM AuthState, see the nevisIDM reference guide.

Auth markers are used for auditing, e.g., to trace the route of the user through the various AuthStates during the authentication process. Therefore, the system stores auth markers as audit data. An audit log file can contain all auth markers belonging to a certain authentication process in the form of a trail. For more information about the auditing of auth markers and trails, see Auditing.
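The marker format and the audit trail described above, as an added example that is not nevisAuth code: it parses `<technology>:<type>(<user identification>)` strings and summarizes a trail for review. The function names, the list-of-strings input (the page does not specify how a trail is serialized in the audit log), and the second and third sample markers are assumptions.

```python
import re
from typing import NamedTuple


class AuthMarker(NamedTuple):
    technology: str
    type: str
    user_identification: str


# <technology>:<type>(<user identification>)
# The user identification is everything between the first "(" and the final
# ")", so DNs containing ",", "=" or nested parentheses are kept intact.
_MARKER_RE = re.compile(
    r"^(?P<tech>[^:()]+):(?P<type>[^()]+)\((?P<user>.*)\)$", re.DOTALL
)


def parse_auth_marker(text: str) -> AuthMarker:
    """Parse one auth marker; raise ValueError if it does not fit the form."""
    m = _MARKER_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not an auth marker: {text!r}")
    return AuthMarker(m["tech"], m["type"], m["user"])


def summarize_trail(markers):
    """Return (route, users, rejected) for a list of marker strings.

    route:    "technology:type" per marker, in order of appearance
    users:    distinct user identifications, in order of first appearance
    rejected: strings that did not parse, kept verbatim for the reviewer
    """
    route, users, rejected = [], [], []
    for raw in markers:
        try:
            marker = parse_auth_marker(raw)
        except ValueError:
            rejected.append(raw)
            continue
        route.append(f"{marker.technology}:{marker.type}")
        if marker.user_identification not in users:
            users.append(marker.user_identification)
    return route, users, rejected


SAMPLE_TRAIL = [
    "LDAP:username/password(uid=xxx,ou=people,o=siven,c=ch)",  # from the page
    "X509:constructed-type(cn=xxx (test),o=siven,c=ch)",  # constructed sample
    "LDAP:username/password uid=xxx",  # constructed, malformed on purpose
]
```
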